Anime, manga, and games, with a take · A Yukimedia publication

← all stories other 1 sources · 2h ago ·

Cursor Zero-Day Vulnerability Disclosed After Seven Months Without a Fix

The disclosure demonstrates the risks of AI-assisted development tools when vendors fail to patch known vulnerabilities, leaving users exposed to attacks via malicious repositories.

Reporting from 1 source: GIGAZINE.

Cursor Zero-Day Vulnerability Disclosed After Seven Months Without a Fix

A vulnerability in the AI-assisted code editor Cursor allows arbitrary code execution by opening a crafted repository. Security firm Mindgard reported the flaw in December 2025 but after seven months without a fix, it disclosed the details on July 14, 2026. The issue involves Cursor searching for executable files in the repository itself, with no warning or user interaction required.

Cursor searches for executable files in multiple locations when loading a project, including the repository itself. A malicious git.exe placed at the top level of a repository will be executed automatically without any warning or user interaction. Mindgard, the security firm that discovered the flaw, reported it to Cursor in December 2025. After seven months without a fix and insufficient communication, the company disclosed the vulnerability details on July 14, 2026. As of the time of writing, no fixed version or security advisory has been issued. Mindgard recommends opening untrusted repositories in Windows Sandbox or disposable virtual machines as a workaround.

Synthesized by Yomimono from the 1 cited source below, including Japanese-language reporting where cited, then editorially reviewed before publishing.

Sources